OSU calls breaches of data minor

In the past three years, Ohio State University has investigated an average of 10 potential data breaches annually.

In the past three years, Ohio State University has investigated an average of 10 potential data breaches annually.

Ohio State has checked into six possible cases in the past year and found four minor breaches in which the names and Social Security numbers of employees or current and former students might have been stolen from individual computers.

In those four instances, 30 to 385 people might have been affected, said Catherine Bindewald, spokeswoman for OSU's Office of the Chief Information Officer. She said there are no indications that any data was misused, and no one has reported misuse of their identity.

"The low number of incidents and the minor nature of those breaches are good news when you consider that we have about 35,000 faculty and staff members and 60,000 students," Bindewald said.

Nationwide, the loss or theft of personal information has soared despite huge spending by companies, governments, schools and other agencies to protect the data.

Experts say data breaches will continue to rise as long as sensitive information such as credit-card numbers is kept on laptops and other mobile devices and hackers can bypass security safeguards.

This year, a Minnesota company that guarantees federal student loans sent letters to about 3.3 million people across the country - including 74,000 in Ohio - saying their personal information had been stolen.

In late 2008, Ohio State notified 18,000 current and former students that a vendor doing work for the school's student health-insurance plan mistakenly stored the names on a computer open to the Internet. Other campuses, such as Ohio University, have dealt with similar breaches.

In 2007, a thief broke into a state government intern's car and took a computer backup tape that contained the private information of more than 500,000 Ohioans.

Ohio State offers one year of free credit protection to everyone who might have been affected by a data breach, even if it is unlikely that anyone has inappropriately obtained the information, said Charles Morrow-Jones, director of information-technology security.

He said Ohio State hasn't used Social Security numbers in student records for about two years.

The number of data-breach investigations has dropped since the school beefed up security and added a $50 million student-information system that lets staff members obtain admissions, academic-advising, financial-aid and other student records.

Ohio State's information-security plan requires encryption of sensitive information on university laptops and mobile devices. The school also offers students and employees tips on how to prevent identity theft and other fraud at http://buckeyesecure.osu.edu/.